Merge pull request #3114 from annuay-google/experimental
Experimental Networking Features for GKE
cdunbar13 authored Oct 11, 2024
2 parents 99493df + 5ca7d82 commit 658bbb1
Showing 20 changed files with 249 additions and 113 deletions.
16 changes: 8 additions & 8 deletions community/modules/compute/pbspro-execution/README.md

Large diffs are not rendered by default.

4 changes: 3 additions & 1 deletion community/modules/network/rdma-vpc/README.md
Expand Up @@ -66,7 +66,7 @@ No resources.
| <a name="input_region"></a> [region](#input\_region) | The default region for Cloud resources | `string` | n/a | yes |
| <a name="input_secondary_ranges"></a> [secondary\_ranges](#input\_secondary\_ranges) | Secondary ranges that will be used in some of the subnets. Please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions. | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| <a name="input_shared_vpc_host"></a> [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
| <a name="input_subnetworks_template"></a> [subnetworks\_template](#input\_subnetworks\_template) | Rules for creating subnetworks within the VPC | <pre>object({<br> count = number<br> name_prefix = string<br> ip_range = string<br> region = string<br> private_access = optional(bool)<br> })</pre> | <pre>{<br> "count": 8,<br> "ip_range": "192.168.0.0/16",<br> "name_prefix": "subnet",<br> "region": null<br>}</pre> | no |
| <a name="input_subnetworks_template"></a> [subnetworks\_template](#input\_subnetworks\_template) | Rules for creating subnetworks within the VPC | <pre>object({<br/> count = number<br/> name_prefix = string<br/> ip_range = string<br/> region = string<br/> private_access = optional(bool)<br/> })</pre> | <pre>{<br/> "count": 8,<br/> "ip_range": "192.168.0.0/16",<br/> "name_prefix": "subnet",<br/> "region": null<br/>}</pre> | no |

## Outputs
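
Review bot: The only change to the `subnetworks_template` row is `<br>` becoming `<br/>` inside the generated `<pre>` blocks, which is formatter churn unrelated to the GKE networking feature. This looks like output from a different terraform-docs version than the one that produced the previous README; pinning the version used by the pre-commit hook, or regenerating docs in a separate commit, would keep this kind of noise out of feature changes and make the functional edits easier to audit.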

Expand All @@ -76,5 +76,7 @@ No resources.
| <a name="output_network_name"></a> [network\_name](#output\_network\_name) | Name of the new VPC network |
| <a name="output_network_self_link"></a> [network\_self\_link](#output\_network\_self\_link) | Self link of the new VPC network |
| <a name="output_subnetwork_interfaces"></a> [subnetwork\_interfaces](#output\_subnetwork\_interfaces) | Full list of subnetwork objects belonging to the new VPC network (compatible with vm-instance) |
| <a name="output_subnetwork_interfaces_gke"></a> [subnetwork\_interfaces\_gke](#output\_subnetwork\_interfaces\_gke) | Full list of subnetwork objects belonging to the new VPC network (compatible with gke-node-pool) |
| <a name="output_subnetwork_name_prefix"></a> [subnetwork\_name\_prefix](#output\_subnetwork\_name\_prefix) | Prefix of the RDMA subnetwork names |
| <a name="output_subnetworks"></a> [subnetworks](#output\_subnetworks) | Full list of subnetwork objects belonging to the new VPC network |
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
17 changes: 17 additions & 0 deletions community/modules/network/rdma-vpc/main.tf
Expand Up @@ -125,6 +125,23 @@ locals {
alias_ip_range = []
}
]

# FIX_ME(arajmane): There is a concern about this not working in a shared VPC environment.
# To unblock experimental testing, we decided to go ahead with this.
output_subnets_gke = [
for subnet in module.vpc.subnets : {
network = local.network_name
subnetwork = subnet.name
subnetwork_project = var.project_id
network_ip = ""
nic_type = coalesce(var.nic_type, try(regex("IRDMA", local.profile_name), regex("MRDMA", local.profile_name), "RDMA"))
stack_type = null
queue_count = null
access_config = []
ipv6_access_config = []
alias_ip_range = []
}
]
}

module "vpc" {
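
Review bot: `subnetwork_project = var.project_id` in `output_subnets_gke` hardcodes the deploying project as the owner of every subnetwork, which is the shared VPC case the FIX_ME comment above it flags as unresolved. In a service project the node pool would be handed a subnetwork reference in a project that does not own it, so the attachment would either fail or resolve against whatever subnetwork of the same name exists there. Consider taking the project from the subnet objects returned by `module.vpc.subnets` if they expose it, or adding an explicit input for the network host project, and link the FIX_ME to a tracking issue so the limitation is not lost once this leaves experimental testing.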
14 changes: 14 additions & 0 deletions community/modules/network/rdma-vpc/outputs.tf
Expand Up @@ -43,3 +43,17 @@ output "subnetwork_interfaces" {
value = local.output_subnets
depends_on = [module.vpc]
}

# The output subnetwork_interfaces is compatible with vm-instance module but not with gke-node-pool
# See https://github.com/GoogleCloudPlatform/cluster-toolkit/blob/99493df21cecf6a092c45298bf7a45e0343cf622/modules/compute/vm-instance/variables.tf#L220
# So, we need a separate output that makes the network and subnetwork names available
output "subnetwork_interfaces_gke" {
description = "Full list of subnetwork objects belonging to the new VPC network (compatible with gke-node-pool)"
value = local.output_subnets_gke
depends_on = [module.vpc]
}

output "subnetwork_name_prefix" {
description = "Prefix of the RDMA subnetwork names"
value = var.subnetworks_template.name_prefix
}
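
Review bot: `subnetwork_name_prefix` returns `var.subnetworks_template.name_prefix` straight from the input and, unlike the two outputs above it, has no `depends_on = [module.vpc]`. A consumer that rebuilds subnetwork names from this prefix can be evaluated before the subnetworks exist, and the description does not say how the full names are formed from the prefix. Either add the same `depends_on`, or document the naming scheme in the description so consumers do not have to guess it; exposing the actual subnetwork names would remove the need to reconstruct them at all.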
8 changes: 4 additions & 4 deletions community/modules/network/rdma-vpc/vpc-submodule/README.md
Expand Up @@ -54,10 +54,10 @@ limitations under the License.
| <a name="input_auto_create_subnetworks"></a> [auto\_create\_subnetworks](#input\_auto\_create\_subnetworks) | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | `bool` | `false` | no |
| <a name="input_delete_default_internet_gateway_routes"></a> [delete\_default\_internet\_gateway\_routes](#input\_delete\_default\_internet\_gateway\_routes) | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | `bool` | `false` | no |
| <a name="input_description"></a> [description](#input\_description) | An optional description of this resource. The resource must be recreated to modify this field. | `string` | `""` | no |
| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | List of egress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br/> name = string<br/> description = optional(string, null)<br/> disabled = optional(bool, null)<br/> priority = optional(number, null)<br/> destination_ranges = optional(list(string), [])<br/> source_ranges = optional(list(string), [])<br/> source_tags = optional(list(string))<br/> source_service_accounts = optional(list(string))<br/> target_tags = optional(list(string))<br/> target_service_accounts = optional(list(string))<br/><br/> allow = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> deny = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> log_config = optional(object({<br/> metadata = string<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_enable_ipv6_ula"></a> [enable\_ipv6\_ula](#input\_enable\_ipv6\_ula) | Enabled IPv6 ULA, this is a permanent change and cannot be undone! (default 'false') | `bool` | `false` | no |
| <a name="input_firewall_rules"></a> [firewall\_rules](#input\_firewall\_rules) | This is DEPRECATED and available for backward compatibility. Use ingress\_rules and egress\_rules variables. List of firewall rules | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> direction = optional(string, "INGRESS")<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br> name = string<br> description = optional(string, null)<br> disabled = optional(bool, null)<br> priority = optional(number, null)<br> destination_ranges = optional(list(string), [])<br> source_ranges = optional(list(string), [])<br> source_tags = optional(list(string))<br> source_service_accounts = optional(list(string))<br> target_tags = optional(list(string))<br> target_service_accounts = optional(list(string))<br><br> allow = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> deny = optional(list(object({<br> protocol = string<br> ports = optional(list(string))<br> })), [])<br> log_config = optional(object({<br> metadata = string<br> }))<br> }))</pre> | `[]` | no |
| <a name="input_firewall_rules"></a> [firewall\_rules](#input\_firewall\_rules) | This is DEPRECATED and available for backward compatibility. Use ingress\_rules and egress\_rules variables. List of firewall rules | <pre>list(object({<br/> name = string<br/> description = optional(string, null)<br/> direction = optional(string, "INGRESS")<br/> disabled = optional(bool, null)<br/> priority = optional(number, null)<br/> ranges = optional(list(string), [])<br/> source_tags = optional(list(string))<br/> source_service_accounts = optional(list(string))<br/> target_tags = optional(list(string))<br/> target_service_accounts = optional(list(string))<br/><br/> allow = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> deny = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> log_config = optional(object({<br/> metadata = string<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | List of ingress rules. This will be ignored if variable 'rules' is non-empty | <pre>list(object({<br/> name = string<br/> description = optional(string, null)<br/> disabled = optional(bool, null)<br/> priority = optional(number, null)<br/> destination_ranges = optional(list(string), [])<br/> source_ranges = optional(list(string), [])<br/> source_tags = optional(list(string))<br/> source_service_accounts = optional(list(string))<br/> target_tags = optional(list(string))<br/> target_service_accounts = optional(list(string))<br/><br/> allow = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> deny = optional(list(object({<br/> protocol = string<br/> ports = optional(list(string))<br/> })), [])<br/> log_config = optional(object({<br/> metadata = string<br/> }))<br/> }))</pre> | `[]` | no |
| <a name="input_internal_ipv6_range"></a> [internal\_ipv6\_range](#input\_internal\_ipv6\_range) | When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) | `string` | `null` | no |
| <a name="input_mtu"></a> [mtu](#input\_mtu) | The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | `number` | `0` | no |
| <a name="input_network_firewall_policy_enforcement_order"></a> [network\_firewall\_policy\_enforcement\_order](#input\_network\_firewall\_policy\_enforcement\_order) | Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. (default null or equivalent to `AFTER_CLASSIC_FIREWALL`) | `string` | `null` | no |
Expand All @@ -68,7 +68,7 @@ limitations under the License.
| <a name="input_routing_mode"></a> [routing\_mode](#input\_routing\_mode) | The network routing mode (default 'GLOBAL') | `string` | `"GLOBAL"` | no |
| <a name="input_secondary_ranges"></a> [secondary\_ranges](#input\_secondary\_ranges) | Secondary ranges that will be used in some of the subnets | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
| <a name="input_shared_vpc_host"></a> [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | The list of subnets being created | <pre>list(object({<br> subnet_name = string<br> subnet_ip = string<br> subnet_region = string<br> subnet_private_access = optional(string)<br> subnet_private_ipv6_access = optional(string)<br> subnet_flow_logs = optional(string)<br> subnet_flow_logs_interval = optional(string)<br> subnet_flow_logs_sampling = optional(string)<br> subnet_flow_logs_metadata = optional(string)<br> subnet_flow_logs_filter = optional(string)<br> subnet_flow_logs_metadata_fields = optional(list(string))<br> description = optional(string)<br> purpose = optional(string)<br> role = optional(string)<br> stack_type = optional(string)<br> ipv6_access_type = optional(string)<br> }))</pre> | n/a | yes |
| <a name="input_subnets"></a> [subnets](#input\_subnets) | The list of subnets being created | <pre>list(object({<br/> subnet_name = string<br/> subnet_ip = string<br/> subnet_region = string<br/> subnet_private_access = optional(string)<br/> subnet_private_ipv6_access = optional(string)<br/> subnet_flow_logs = optional(string)<br/> subnet_flow_logs_interval = optional(string)<br/> subnet_flow_logs_sampling = optional(string)<br/> subnet_flow_logs_metadata = optional(string)<br/> subnet_flow_logs_filter = optional(string)<br/> subnet_flow_logs_metadata_fields = optional(list(string))<br/> description = optional(string)<br/> purpose = optional(string)<br/> role = optional(string)<br/> stack_type = optional(string)<br/> ipv6_access_type = optional(string)<br/> }))</pre> | n/a | yes |

## Outputs
